CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1CVE-2007-1881 – Kaspersky AntiVirus 6.0 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-1881
Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors. Vulnerabilidad no especificada en KLIF (klif.sys) de Kaspersky Anti-Virus, Anti-Virus para estaciones de trabajo, y Anti-Virus para Servidores de archivos 6.0, e Internet Security 6.0 versiones anteriores a Maintenance Pack 2 build 6.0.2.614 permite a usuarios locales obtener privilegios Ring-0 mediante vectores no especificados. • https://www.exploit-db.com/exploits/3131 http://secunia.com/advisories/24778 http://www.kaspersky.com/technews?id=203038693 http://www.kaspersky.com/technews?id=203038694 http://www.osvdb.org/33852 http://www.vupen.com/english/advisories/2007/1268 •
CVSS: 10.0EPSS: 50%CPEs: 4EXPL: 0CVE-2007-0445 – Kaspersky AntiVirus Engine ARJ Archive Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0445
Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives. Desbordamiento de búfer basado en pila en el módulo arj.ppl en OnDemand Scanner en Kaspersky Anti-Virus, Anti-Virus para estaciones de trabajo, y Anti-Virus para File Servers 6.0, e Internet Security 6.0 anterior a Maintenance Pack 2 construccion 6.0.2.614 permite a atacantes remotos ejecutar código de su elección a través de archivos ARJ. This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of the Kaspersky Anti-Virus Engine. User interaction is not required to exploit this vulnerability. The specific flaw exists in the engine's handling of the ARJ archive format. The Kaspersky engine copies data from scanned archives into an unchecked heap-based buffer. • http://secunia.com/advisories/24778 http://www.kaspersky.com/technews?id=203038693 http://www.kaspersky.com/technews?id=203038694 http://www.securityfocus.com/archive/1/464878/100/0/threaded http://www.securityfocus.com/bid/23346 http://www.securitytracker.com/id?1017882 http://www.securitytracker.com/id?1017883 http://www.vupen.com/english/advisories/2007/1268 http://www.zerodayinitiative.com/advisories/ZDI-07-013.html https://exchange.xforce.ibmcloud.com/vulnerabilities/33489 •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 0CVE-2007-1112 – Kaspersky Antivirus ActiveX Unsafe Methods Vulnerability
https://notcve.org/view.php?id=CVE-2007-1112
Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. Kaspersky Anti-Virus 6.0 e Internet Security 6.0 revela métodos no seguros en los controles ActiveX (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) y (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll), los cuales permiten a atacantes remotos descargar o borrar archivos de su elección a través de argumentos manipulados en los métodos (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, o (4) StartUploading. This vulnerability allows remote attackers to download and remove any file on vulnerable installations of Kaspersky Anti-Virus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaws exist within the ActiveX controls AXKLPROD60Lib.KAV60Info and AXKLSYSINFOLib.SysInfo defined in the following DLLs/CLSIDs: DLL: AxKLProd60.dll CLSID: D9EC22E7-1A86-4F7C-8940-0303AE5D6756 DLL: AxKLSysInfo.dll CLSID: BA61606B-258C-4021-AD27-E07A3F3B91DB Several methods exposed by these ActiveX controls can be abused by attackers: Function DeleteFile ( ByVal strFileName As String ) Function StartBatchUploading ( ByVal arrFiles As Variant , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartStrBatchUploading ( ByVal strFiles As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long Function StartUploading ( ByVal strFilePath As String , ByVal strFTPAddress As String , ByVal strFTPUploadPath As String ) As Long • http://secunia.com/advisories/24778 http://www.kaspersky.com/technews?id=203038694 http://www.securityfocus.com/archive/1/464882/100/0/threaded http://www.securityfocus.com/bid/23345 http://www.securitytracker.com/id?1017884 http://www.securitytracker.com/id?1017885 http://www.vupen.com/english/advisories/2007/1268 http://www.zerodayinitiative.com/advisories/ZDI-07-014.html https://exchange.xforce.ibmcloud.com/vulnerabilities/33464 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 4CVE-2006-4926 – Kaspersky Internet Security 6.0.0.303 - IOCTL KLICK Local Overflow / Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-4926
The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and (2) KLIN (KLIN.SYS) device drivers 2.0.0.281 for in Kaspersky Labs Anti-Virus 6.0.0.303 and other Anti-Virus and Internet Security products, allows local users to execute arbitrary code via crafted Irp structure with invalid addresses in the 0x80052110 IOCTL. El NDIS-TDI Hooking Engine, según lo utilizado en (1) KLICK (KLICK.SYS) y (2) KLIN (KLIN.SYS) en los controladores de dispositivos 2.0.0.281 en Kaspersky Labs Anti-Virus 6.0.0.303 y otros antivirus o productos de seguridad de Internet, permite a un usuario local ejecutar código de su elección a través de un estructura Irp artesanal con una dirección inválida en 0x80052110 IOCTL. • https://www.exploit-db.com/exploits/2676 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=425 http://secunia.com/advisories/22478 http://securitytracker.com/id?1017093 http://www.kaspersky.com/technews?id=203038678 http://www.osvdb.org/29891 http://www.securityfocus.com/archive/1/449289/100/0/threaded http://www.securityfocus.com/archive/1/449301/100/0/threaded http://www.securityfocus.com/bid/20635 http://www.vupen.com/english/advisories/2006/4117 https&# •
CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 1CVE-2006-3074 – Kaspersky Internet Security 6.0 - SSDT Hooks Multiple Local Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-3074
klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, and (12) NtQueryValueKey hooked system calls, which allows local users to cause a denial of service (reboot) via an invalid parameter, as demonstrated by the ClientId parameter to NtOpenProcess. klif.sys en Kaspersky Internet Security v6.0 y v7.0, Kaspersky Anti-Virus (KAV) v6.0 y v7.0, KAV v6.0 para Windows Workstations, y KAV v6.0 para Windows Servers no validan de forma adecuada ciertos parámetros de llamadas al sistema "enganchadas" sobre (1) NtCreateKey, (2) NtCreateProcess, (3) NtCreateProcessEx, (4) NtCreateSection, (5) NtCreateSymbolicLinkObject, (6) NtCreateThread, (7) NtDeleteValueKey, (8) NtLoadKey2, (9) NtOpenKey, (10) NtOpenProcess, (11) NtOpenSection, y (12) NtQueryValueKey, lo que permite a usuarios locales provocar una denegación de servicio (reinicio) a través de un parámetro inválido, como se demostró con el parámetro ClientId sobre NtOpenProcess. • https://www.exploit-db.com/exploits/30192 http://secunia.com/advisories/20629 http://secunia.com/advisories/25603 http://uninformed.org/index.cgi?v=4&a=4&p=4 http://uninformed.org/index.cgi?v=4&a=4&p=7 http://www.kaspersky.com/technews?id=203038695 http://www.matousec.com/info/advisories/Kaspersky-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php http://www.rootkit.com/board.php?did=edge726&closed=0&lastx=15 http://www.rootkit.com/newsread.php? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •